Family: Windows : Microsoft Bulletins --> Category: infos
Word can lead to Script execution on mail reply Vulnerability Scan
Vulnerability Scan Summary
Acertains the version of WinWord.exe
Detailed Explanation for this Vulnerability Test
Arbitrary code can be executed on the remote host through Word.
Outlook 2000 and 2002 provide the option to use Microsoft Word as
the e-mail editor when creating and editing e-mail in RTF or HTML.
There is a flaw in some versions of Word which may allow a possible hacker
to execute arbitrary code when the user replies to a specially
formed message using Word.
A possible hacker may use this flaw to execute arbitrary code on this host.
Microsoft has released a set of patches for Office 2000 and 2002 :
Medium / CVSS Base Score : 6
Click HERE for more information and discussions on this network vulnerability scan.